
Cloud Vulnerability DB
A community-led vulnerabilities database
An information disclosure vulnerability via path traversal was discovered in the read_file() function within apport/hookutils.py. The vulnerability affects multiple versions of apport including 2.14.1 (prior to 2.14.1-0ubuntu3.29+esm8), 2.20.1 (prior to 2.20.1-0ubuntu2.30+esm2), 2.20.9 (prior to 2.20.9-0ubuntu7.26), and 2.20.11 (prior to both 2.20.11-0ubuntu27.20 and 2.20.11-0ubuntu65.3). The issue was discovered by Maik Münch and Stephen Röttger and was assigned CVE-2021-3710 on August 16, 2021 (CVE Details).
The vulnerability exists in the apport/hookutils.py function read_file() where incorrect handling of path traversal allows attackers to bypass intended file access restrictions. The issue specifically involves the processing of PID values in crash reports, where the code fails to properly sanitize file paths. This allows manipulation of file paths through directory traversal sequences, potentially exposing sensitive system files (Launchpad Bug).
When exploited, this vulnerability allows a local attacker to gain read access to arbitrary files that may contain sensitive information. The impact is particularly severe because apport runs with elevated privileges through whoopsie, potentially exposing system-level sensitive data (Ubuntu Security).
The vulnerability was patched in multiple Ubuntu releases with updated versions: 2.14.1-0ubuntu3.29+esm8, 2.20.1-0ubuntu2.30+esm2, 2.20.9-0ubuntu7.26, 2.20.11-0ubuntu27.20, and 2.20.11-0ubuntu65.3. The fix includes implementing proper path traversal detection and handling of directory symlinks in the apport/hookutils.py file (Ubuntu Security).
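The two checks the fix description names (traversal detection and handling of directory symlinks) can be illustrated with a hardened read helper. This is an added example written for this page, not apport's own patched read_file(); the function names, the temporary directory layout and the sample file contents are all constructed for the demonstration.

```python
import os
import tempfile

class UnsafePathError(ValueError):
    """Raised when a requested path would read outside the allowed directories."""

def safe_read_file(path, allowed_roots):
    """Read `path` only if it stays inside one of `allowed_roots`.

    realpath() collapses '../' and follows symlinks, so the first check
    catches reads that land outside every root. The second refuses any
    symlinked directory component of the request below its root.
    Hypothetical helper for illustration, not apport's own code.
    """
    resolved = os.path.realpath(path)
    for root in allowed_roots:
        real_root = os.path.realpath(root)
        if os.path.commonpath([resolved, real_root]) == real_root:
            break
    else:
        raise UnsafePathError("path resolves outside allowed roots: %r" % path)
    rel = os.path.relpath(os.path.abspath(path), os.path.abspath(root))
    current = os.path.abspath(root)
    for part in rel.split(os.sep)[:-1]:  # directory components only
        current = os.path.join(current, part)
        if os.path.islink(current):
            raise UnsafePathError("symlinked directory in path: %r" % current)
    with open(resolved, "rb") as f:
        return f.read()

def demo():
    """Constructed layout: an allowed tree, a secret outside it, a symlink inside it."""
    base = tempfile.mkdtemp()
    allowed = os.path.join(base, "allowed")
    os.makedirs(os.path.join(allowed, "sub"))
    for name, text in (("allowed/sub/report.txt", "crash report\n"), ("secret.txt", "not for you\n")):
        with open(os.path.join(base, name), "w") as f:
            f.write(text)
    os.symlink(os.path.join(allowed, "sub"), os.path.join(allowed, "sub_link"))
    results = {"direct": safe_read_file(os.path.join(allowed, "sub", "report.txt"), [allowed])}
    for name, target in (("traversal", os.path.join(allowed, "sub", "..", "..", "secret.txt")),
                         ("symlink_dir", os.path.join(allowed, "sub_link", "report.txt"))):
        try:
            safe_read_file(target, [allowed])
            results[name] = "allowed"
        except UnsafePathError:
            results[name] = "rejected"
    return results
```

Running `demo()` reads the in-tree report normally while both the `../../` request and the read through the planted directory symlink are refused.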
Source: This report was generated using AI